tipc: reinitialize pointer after skb linearize

The msg pointer into header may change after skb linearization. We must reinitialize it after calling skb_linearize to prevent operating on a freed or invalid pointer. Signed-off-by: Erik Hugne <[email protected]> Reported-by: Tamás Végh <[email protected]> Acked-by: Ying Xue <[email protected]> Signed-off-by: David S. Miller <[email protected]>
author: Erik Hugne <[email protected]> 2015-09-18 08:46:31 +0000
committer: David S. Miller <[email protected]> 2015-09-21 05:31:20 +0000
commit: 4e3ae00100945d39e1f83b7c0179a114ccf55759 (patch)
tree: 0d911950c7ea216376f756cd1e4d33a7ce9ba449 /net/tipc/msg.c
parent: Revert "net/phy: Add Vitesse 8641 phy ID" (diff)
download: kernel-4e3ae00100945d39e1f83b7c0179a114ccf55759.tar.gz
kernel-4e3ae00100945d39e1f83b7c0179a114ccf55759.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index 562c926a51cc..c5ac436235e0 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -539,6 +539,7 @@ bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err)
 	*err = -TIPC_ERR_NO_NAME;
 	if (skb_linearize(skb))
 		return false;
+	msg = buf_msg(skb);
 	if (msg_reroute_cnt(msg))
 		return false;
 	dnode = addr_domain(net, msg_lookup_scope(msg));
author	Erik Hugne <[email protected]>	2015-09-18 08:46:31 +0000
committer	David S. Miller <[email protected]>	2015-09-21 05:31:20 +0000
commit	4e3ae00100945d39e1f83b7c0179a114ccf55759 (patch)
tree	0d911950c7ea216376f756cd1e4d33a7ce9ba449 /net/tipc/msg.c
parent	Revert "net/phy: Add Vitesse 8641 phy ID" (diff)
download	kernel-4e3ae00100945d39e1f83b7c0179a114ccf55759.tar.gz kernel-4e3ae00100945d39e1f83b7c0179a114ccf55759.zip